Present Security Metrics Using Risk-Based Language
- In many cases, board and CEO presentations focus on particular issues they must address or decisions they need to make.
- To make a decision, the board needs security information in the context of risk, risk mitigation, and costs associated with eliminating that kind of threat.
In chief executive officer (CEO)– and board-level presentations, you must use security metrics carefully. “If I start using technical security terms and metrics, I completely lose the audience,” says Scott Singer, who wears both the chief information officer and chief information security officer hats at Par Systems, a company that develops industrial automation systems.